Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: plumb mtls endpoint to TransportChannelProvider #3673

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

fix: plumb mtls endpoint to TransportChannelProvider #3673

wants to merge 5 commits into from

Conversation

rmehta19
Copy link
Contributor

@rmehta19 rmehta19 commented Mar 4, 2025
edited
Loading

This PR plumbs the MTLS endpoint (separately from the resolved endpoint) from the EndpointContext to the InstantiatingGrpcChannelProvider.

Why not just set the MTLS endpoint in EndpointContext if S2A can be used?

  • Although we can decide whether or not to try to use S2A in EndpointContext, we could fail to use S2A in InstantiatingGrpcChannelProvider (if autoconfig doesn't return an address), in which case we fall back to using a TLS connection
  • DirectPath supersedes S2A in InstantiatingGrpcChannelProvider, and the decision to use DirectPath is made in InstantiatingGrpcChannelProvider, not EndpointContext. We may decide to use S2A in EndpointContext, but when we go to create the channel in InstantiatingGrpcChannelProvider, we may find that we should be using DirectPath, in which case we need to use the non-MTLS endpoint

@product-auto-label product-auto-label bot added the size: m Pull request size is medium. label Mar 4, 2025
rmehta19
rmehta19 commented Mar 4, 2025
View reviewed changes
gax-java/gax-grpc/src/main/java/com/google/api/gax/grpc/InstantiatingGrpcChannelProvider.java
@@ -258,6 +260,11 @@ public boolean needsEndpoint() {
return endpoint == null;
}

@Override
public boolean needsMtlsEndpoint() {
return mtlsEndpoint == null;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we want, I think we could make this:

return (mtlsEndpoint == null) && (useS2A == true)

That way, we can be sure we are only setting the mtlsEndpoint when we know:

  • it is non-null
  • it is non-empty
  • it is needed by S2A

Note that the first two are checked in shouldUseS2A in EndpointContext.

@rmehta19
Copy link
Contributor Author

rmehta19 commented Mar 4, 2025

@lqiu96 , please review, thanks!

@rmehta19 rmehta19 changed the title feat: plumb mtls endpoint to TransportChannelProvider fix: plumb mtls endpoint to TransportChannelProvider Mar 4, 2025
@rmehta19
Copy link
Contributor Author

rmehta19 commented Mar 7, 2025

Friendly ping @lqiu96 . Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
size: m Pull request size is medium.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@rmehta19